Vulnerabilities > CVE-2015-6125 - DNS Use After Free Remote Code Execution vulnerability in Microsoft Windows Server 2008 and Windows Server 2012
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability." <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 6 |
Msbulletin
| bulletin_id | MS15-127 |
| bulletin_url | |
| date | 2015-12-08T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 3100465 |
| knowledgebase_url | |
| severity | Critical |
| title | Security Update for Microsoft Windows DNS to Address Remote Code Execution |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS15-127.NASL |
| description | The remote Windows host is affected by a remote code execution vulnerability in the Windows Domain Name System (DNS) server due to improper parsing of DNS requests. A remote attacker can exploit this, via specially crafted DNS requests, to execute arbitrary code in the context of the Local System Account. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 87256 |
| published | 2015-12-08 |
| reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/87256 |
| title | MS15-127: Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465) |